The Department of Energy notified its employees Monday of a recent cyber incident that occurred in mid-January.

The cyber-attack targeted the headquarters’ network and resulted in the unauthorized disclosure of employee and contractor Personally Identifiable Information.

NNSA spokesman Josh McConaha said no further information was available on the situation.

The email to employees said no classified data was compromised.

Here is a portion of the email:
• “The Department is strongly committed to protecting the integrity of each employee’s PII and takes any cyber incident very seriously. The department’s Cybersecurity Team, the Office of Health, Safety and Security and the Inspector General’s office are working with federal law enforcement to promptly gather detailed information on the nature and scope of the incident and assess the potential impacts to DOE staff and contractors. Based on the findings of this investigation, no classified data was compromised.”
• “We believe several hundred DOE employees’ and contractors’ PII may have been affected. As individual affected employees are identified, they will be notified and offered assistance on steps they can take to protect themselves from potential identity theft.”
• “Once the full nature and extent of this incident is known, the department will implement a full remediation plan. As more specific information is gathered regarding affected employees and contractors, the department will make further notifications.”
• “The department is also leading an aggressive effort to reduce the likelihood of these events occurring again. These efforts include leveraging the combined expertise and capabilities of the department’s Joint Cybersecurity Coordination Center to address this incident, increasing monitoring across all of the department’s networks and deploying specialized defense tools to protect sensitive assets.”
• “Cybersecurity is a shared responsibility,and we all play an important role in maintaining the integrity and security of our networks. To help minimize impacts and reduce any potential risks, please keep the following best practices in mind:
• Encrypt all files and emails containing PII or sensitive information, including files stored on hard drives or on the shared network.”